Apache2 Configuration on Server (Debian 9)
Before We Start:
Since I have stupidly misconfigure my websites (to meet the 502 error), I finally figured out the way to configure Apache. This passage will start with Apache installation.
Agenda
- Prerequisites
- Apache Installation
- UFW (Firewall) Modification
- Web Server Verification
- Appache Processing Management
- Virtual Host Setting
- Apache Files and Directories
- Certbot: Get Your Site on https://
1. Prerequisites
Before the instruction, you are supposed to have a regular user (not root) but equiped with sudo
authority on your server. In addition, you need to enable a basic firewall to block unnecessary ports. You can follow our Debian 9 initial server setup guide to learn how to configure regular user accounts and set up a firewall for your server.
If you have an account available, log in as a non-root user to get started.
2. Apache Installation
Apache is in the list of default software on Debian, so we can easily install it with the traditional package management tools.
Let's start by updating the local package index to reflect the latest upstream changes:
sudo apt update
Then, install the package apache2
:
sudo apt install apache2
After confirming the installation, apt
will install Apache and all required dependencies.
3. UFW (Firewall) Modification
Before testing Apache, it is necessary to modify the firewall settings to allow external access to the default web port. Assuming you follow the instructions in the prerequisites, you should configure the UFW firewall to restrict access to the server.
During the installation process, Apache registers itself with UFW to provide some application configuration files that can be used to enable or disable access to Apache through the firewall.
Type the following to list the ufw application configuration files:
sudo ufw app list
Output
Available applications:
AIM
Bonjour
CIFS
. . .
WWW
WWW Cache
WWW Full
WWW Secure
. . .
Apache configuration files begin with WWW
:
WWW
: This profile only opens port 80 (normal, unencrypted web traffic)
WWW cache
: This profile only opens port 8080 (sometimes used for caching and web proxy)
WWW Full
: This profile opens port 80 (normal, unencrypted web traffic) and port 443 (TLS / SSL encrypted traffic)
WWW Secure
: This profile only opens port 443 (TLS / SSL encrypted traffic)
We recommend that you enable the most restrictive profile that still allows you to configure the traffic. Since we have not configured SSL for our server in this guide, we only need to allow traffic on port 80:
sudo ufw allow 'WWW'
You can type the following to verify the changes:
sudo ufw status
You should see allowed HTTP traffic in the output shown:
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
WWW ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
WWW (v6) ALLOW Anywhere (v6)
As you can see, the profile has been activated to allow access to the web server.
4. Web Server Verification
At the end of the installation process, Debian 9 launched Apache. The web server should be up and running.
Check the systemd init
system to ensure that the service is running by typing the following:
sudo systemctl status apache2
●** apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:
Active: **active (running)** since Tue 2019-12-03 21:57:09 UTC; 1h 3min ago
Process: 5580 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS
Process: 5505 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/S
Process: 5588 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCE
Main PID: 5592 (apache2)
CGroup: /system.slice/apache2.service
├─5592 /usr/sbin/apache2 -k start
├─6496 /usr/sbin/apache2 -k start
└─6526 /usr/sbin/apache2 -k start
Dec 03 21:57:09 ns3293207 systemd[1]: Starting The Apache HTTP Server...
Dec 03 21:57:09 ns3293207 systemd[1]: Started The Apache HTTP Server.
From this output, it appears that the service has started successfully. However, the best way to test this method is to request a page from Apache.
You can visit the default Apache login page to confirm that the software is functioning normally through your IP address. If you don't know the server's IP address, there are several different methods you can get from the command line.
Try typing at the server's command prompt:
hostname -I
You will get some addresses separated by spaces. You can try each in a web browser to see if they work.
Another method is to use the curl
tool, which can give you a public IP address as seen from other locations on the Internet.
First, install curl
using apt
:
sudo apt install curl
Then, use curl
to retrieve icanhazip.com using IPv4:
curl -4 icanhazip.com
Once you have your server's IP address, enter it into your browser's address bar:
http://your_server_ip
You should see the default Debian 9 Apache web page, which shows that “It works."
This page indicates that Apache is running normally. It also includes some basic information about important Apache files and directory locations.
5. Appache Processing Management
Now that you have your web server up and running, let's have a look at some basic administrative commands.
To stop the web server, type:
sudo systemctl stop apache2
To start it when the web server is stopped, type:
sudo systemctl start apache2
To stop and start the service again, type:
sudo systemctl restart apache2
If you are just making configuration changes, Apache can usually reload without dropping the connection. To do this, use the following command:
sudo systemctl reload apache2
By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:
sudo systemctl disable apache2
To re-enable the service to start at startup, type:
sudo systemctl enable apache2
Apache should now start automatically when the server starts again.
6. Virtual Host Setting
When using an Apache web server, you can use a virtual host (similar to a server block in Nginx) to encapsulate configuration details and host multiple domains from a single server. We will set up a domain name lynnislu.com, but you should replace it with your own domain name.
Apache on Debian 9 has a server block enabled by default, configured to serve documentation from the /var/www/html
directory. Although this applies to a single site, it can become difficult to handle if you host multiple sites. Don't modify /var/www/html
, let's create a directory structure at /var/www
of lynnislu.com website, and leave /var/www/html
as the default directory if the client request does not match any other website. For me, I mkdir
for lynnislu.com and bb.lynnislu.com.
Create a directory for example.com as shown below, using the -p
flag to create any required parent directories:
sudo mkdir -p /var/www/lynnislu.com/html
sudo mkdir -p /var/www/bb.lynnislu.com/html
Next, use the $USER
environment variable to assign ownership of the directory:
sudo chown -R $USER:$USER /var/www/lynnislu.com/html
If you haven't modified the unmask
value, the permissions of the web root directory should be correct, but you can make sure by typing:
sudo chmod -R 755 /var/www/lynnislu.com
Next, create a sample index.html
page using nano
or your favorite editor:
nano /var/www/lynnislu.com/html/index.html
Inside, add the following example HTML:
/var/www/lynnislu.com/html/index.html
:
<html>
<head>
<title>Welcome to lynnislu.com!</title>
</head>
<body>
<h1>Success! The lynnislu.com server block is working!</h1>
</body>
</html>
Save and close the file when you are finished.
In order for Apache to serve this content, the virtual host file must be created with the correct instructions. Do not directly modify the default configuration file located at /etc/apache2/sites-available/000-default.conf
. Instead, create a new file at /etc/apache2/sites-available/lynnislu.com.conf
:
Paste in the following configuration block, similar to the default configuration block, but updated for our new directory and domain name:
/etc/apache2/sites-available/example.com.conf
:
<VirtualHost *:80>
ServerAdmin luxu_lynn@hotmail.com
ServerName lynnislu.com
ServerAlias www.lynnislu.com
DocumentRoot /var/www/lynnislu.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Please note that we have updated DocumentRoot
to a new directory and ServerAdmin
to an email accessible to the lynnislu.com site administrator. We also added two directives: ServerName
, which establishes the base domain that should match this virtual host definition; ServerAlias
, which defines more names that should match, as if they were base names.
Save and close the file when you are finished.
Let's use a2ensite
to enable the site configuration file.
sudo a2ensite lynnislu.com.conf
And to avoid the conflict, let's disable the default site configured by 000-default.conf
sudo a2dissite 000-default.conf
Now we can test simply the configuration files (Only syntax).
sudo apache2ctl configtest
The output:
Syntax OK
Restart your Apache to apply the configuration.
sudo systemctl restart apache2
Apache now is serving for your domain name, well, I can navigate to http://www.lynnislu.com to test it. For you, it depends on your domain name.
7. Apache Files and Directories
Now that you know how to manage the Apache service itself, you should take a few minutes to familiarize yourself with some important directories and files, which is so important.
content
/var/www/html
: The actual web content by default only contains the default Apache page you saw before, which is provided under the /var/www/html
directory. This can be changed by changing the Apache configuration file.
server configuration
/etc/apache2
: Apache configuration directory. All Apache configuration files reside here.
/etc/apache2/apache2.conf
: The main Apache configuration file. It can be modified to change the Apache global configuration. This file is responsible for loading many other files in the configuration directory.
/etc/apache2/ports.conf
: This file specifies the ports that Apache will listen on. By default, Apache listens on port 80 and additionally listens on port 443 when modules that provide SSL capabilities are enabled.
/etc/apache2/sites-available/
: A directory where virtual hosts per site can be stored. Apache does not use configuration files in this directory unless they are linked to the sites-enabled
directory. Normally, all server block configuration is done in this directory and then enabled by linking to other directories using the a2ensite command.
/etc/apache2/sites-enabled/
: Directory that stores per-site virtual hosts that are enabled. Usually, these are created by using a2ensite to link to a configuration file in the sites-available directory. Apache reads configuration files and links in this directory when it starts or reloads to compile the full configuration.
/etc/apache2/conf-available/
, /etc/apache2/conf-enabled/
: These directories have the same relationship as the sites-available
and sites-enabled
directories, but are used to store configuration snippet virtual hosts that do not belong to a. You can use the a2enconf
command to enable files in the conf-available
directory, and use the a2enconf
command to disable these a2disconf
.
/etc/apache2/mods-available/
, /etc/apache2/mods-enabled/
: These directories contain available and enabled modules, respectively. Files ending in .load
contain fragments for loading specific modules, and files ending in .conf
contain the configuration of these modules. Modules can be enabled and disabled using the a2enmod
and a2dismod
commands.
Server log
/var/log/apache2/access.log
: By default, every request to the web server will be recorded in this log file unless Apache is configured to perform other operations.
/var/log/apache2/error.log
: By default, all errors are logged in this file. The LogLevel directive in the Apache configuration specifies how much detail the error log will contain.
You can use command tail -f <log_filename>
to check the log.
8. Certbot: Get Your Site on https://
Here is the easiest way to get your site on https://.
Well, just go to the website, Certbot.